123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- class UserAccessTokenController < ApplicationController
- prepend_before_action :authenticate_and_authorize!
- =begin
- Resource:
- GET /api/v1/user_access_token
- Response:
- {
- "tokens":[
- {"id":1,"label":"some user access token","preferences":{"permission":["cti.agent","ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
- {"id":2,"label":"some user access token 2","preferences":{"permission":[ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
- ],
- "permissions":[
- {id: 1, name: "admin", note: "Admin Interface", preferences: {}, active: true,...},
- {id: 2, name: "admin.user", note: "Manage Users", preferences: {}, active: true,...},
- ...
- ]
- }
- Test:
- curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password}
- =end
- def index
- tokens = Token.select(Token.column_names - %w[persistent token])
- .where(action: 'api', persistent: true, user_id: current_user.id)
- .reorder(updated_at: :desc, name: :asc)
- base_query = Permission.reorder(:name).where(active: true)
- permission_names = current_user.permissions.pluck(:name)
- ancestor_names = permission_names.flat_map { |name| Permission.with_parents(name) }.uniq -
- permission_names
- descendant_names = permission_names.map { |name| "#{SqlHelper.quote_like(name)}.%" }
- permissions = base_query.where(name: [*ancestor_names, *permission_names])
- descendant_names.each do |name|
- permissions = permissions.or(base_query.where('permissions.name LIKE ?', name))
- end
- permissions.select { |permission| permission.name.in?(ancestor_names) }
- .each { |permission| permission.preferences['disabled'] = true }
- render json: {
- tokens: tokens.map(&:attributes),
- permissions: permissions.map(&:attributes),
- }, status: :ok
- end
- =begin
- Resource:
- POST /api/v1/user_access_token
- Payload:
- {
- "label":"some test",
- "permission":["cti.agent","ticket.agent"],
- "expires_at":null
- }
- Response:
- {
- "name":"new_token_only_shown_once"
- }
- Test:
- curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"label":"some test","permission":["cti.agent","ticket.agent"],"expires_at":null}'
- =end
- def create
- if Setting.get('api_token_access') == false
- raise Exceptions::UnprocessableEntity, 'API token access disabled!'
- end
- if params[:name].blank?
- raise Exceptions::UnprocessableEntity, __("The required parameter 'name' is missing.")
- end
- token = Token.create!(
- action: 'api',
- name: params[:name],
- persistent: true,
- user_id: current_user.id,
- expires_at: params[:expires_at],
- preferences: {
- permission: params[:permission]
- }
- )
- render json: {
- token: token.token,
- }, status: :ok
- end
- =begin
- Resource:
- DELETE /api/v1/user_access_token/{id}
- Response:
- {}
- Test:
- curl http://localhost/api/v1/user_access_token/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE
- =end
- def destroy
- token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
- raise Exceptions::UnprocessableEntity, __('The API token could not be found.') if !token
- token.destroy!
- render json: {}, status: :ok
- end
- end
|